CVEs from 2018
Total
2,856
critical
critical 238
high
high 331
medium
medium 263
low
low 39
% Critical
8.3%
% with KEV
3.1%
% with exploit
9.1%
Top vendors
- intel 1,561
- schneider-electric 43
- siemens 42
- rockwellautomation 16
- echelon 15
- redhat 12
- oracle 9
- arm 9
Top products
- core_i7 379
- core_i5 375
- core_i3 242
- xeon_e5 82
- xeon_e7 62
- xeon_e3 58
- xeon_gold 33
- atom_z 30
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18655 | unknown | — | — | — | Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. | |||
| CVE-2018-20683 | unknown | — | — | — | commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v,… | |||
| CVE-2018-20185 | unknown | — | — | — | In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a… | |||
| CVE-2018-20725 | unknown | — | — | — | A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. | |||
| CVE-2018-19762 | unknown | — | — | — | There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact. | |||
| CVE-2018-18928 | unknown | — | — | — | International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. | |||
| CVE-2018-15854 | unknown | — | — | — | Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry t… | |||
| CVE-2018-7544 | unknown | — | — | — | ||||
| CVE-2018-7587 | unknown | — | — | — | An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h. | |||
| CVE-2018-7637 | unknown | — | — | — | An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colo… | |||
| CVE-2018-1000101 | unknown | — | — | — | Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used t… | |||
| CVE-2018-1059 | unknown | — | — | — | The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translat… | |||
| CVE-2018-8882 | unknown | — | — | — | Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. | |||
| CVE-2018-2622 | unknown | — | — | — | ||||
| CVE-2018-10778 | unknown | — | — | — | Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have… | |||
| CVE-2018-15599 | unknown | — | — | — | The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages… | |||
| CVE-2018-6511 | unknown | — | — | — | A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Aff… | |||
| CVE-2018-20357 | unknown | — | — | — | A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application… | |||
| CVE-2018-5244 | unknown | — | — | — | In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows … | |||
| CVE-2018-3640 | unknown | — | — | — | Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local us… | |||
| CVE-2018-1000031 | unknown | — | — | — | A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. | |||
| CVE-2018-1000155 | unknown | — | — | — | ||||
| CVE-2018-10845 | unknown | — | — | — | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text reco… | |||
| CVE-2018-13043 | unknown | — | — | — | scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | |||
| CVE-2018-19890 | unknown | — | — | — | An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and app… | |||
| CVE-2018-1140 | unknown | — | — | — | A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used a… | |||
| CVE-2018-14867 | unknown | — | — | — | Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess d… | |||
| CVE-2018-5126 | unknown | — | — | — | Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary c… | |||
| CVE-2018-7159 | unknown | — | — | — | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP sp… | |||
| CVE-2018-11129 | unknown | — | — | — | The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted… | |||
| CVE-2018-11130 | unknown | — | — | — | The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a craft… | |||
| CVE-2018-19131 | unknown | — | — | — | Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. | |||
| CVE-2018-14868 | unknown | — | — | — | Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current… | |||
| CVE-2018-11365 | unknown | — | — | — | sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. | |||
| CVE-2018-1000886 | unknown | — | — | — | nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This at… | |||
| CVE-2018-20538 | unknown | — | — | — | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | |||
| CVE-2018-11416 | unknown | — | — | — | jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified… | |||
| CVE-2018-9246 | unknown | — | — | — | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting … | |||
| CVE-2018-14424 | unknown | — | — | — | The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially… | |||
| CVE-2018-7441 | unknown | — | — | — | Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race cond… | |||
| CVE-2018-21016 | unknown | — | — | — | audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||
| CVE-2018-7442 | unknown | — | — | — | An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary fil… | |||
| CVE-2018-1000998 | unknown | — | — | — | FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same dom… | |||
| CVE-2018-13871 | unknown | — | — | — | ||||
| CVE-2018-13872 | unknown | — | — | — | ||||
| CVE-2018-11319 | unknown | — | — | — | Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be e… | |||
| CVE-2018-18311 | unknown | — | — | — | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | |||
| CVE-2018-10016 | unknown | — | — | — | Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. | |||
| CVE-2018-14618 | unknown | — | — | — | curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to fig… | |||
| CVE-2018-11731 | unknown | — | — | — | The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via … | |||
| CVE-2018-12482 | unknown | — | — | — | OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | |||
| CVE-2018-18873 | unknown | — | — | — | ||||
| CVE-2018-17954 | unknown | — | — | — | ||||
| CVE-2018-11563 | unknown | — | — | — | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged… | |||
| CVE-2018-7186 | unknown | — | — | — | Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) o… | |||
| CVE-2018-17883 | unknown | — | — | — | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent op… | |||
| CVE-2018-20800 | unknown | — | — | — | An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their ag… | |||
| CVE-2018-12178 | unknown | — | — | — | Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. | |||
| CVE-2018-20762 | unknown | — | — | — | GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted … | |||
| CVE-2018-5103 | unknown | — | — | — | A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird <… | |||
| CVE-2018-19837 | unknown | — | — | — | In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, bec… | |||
| CVE-2018-11738 | unknown | — | — | — | An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs… | |||
| CVE-2018-14044 | unknown | — | — | — | The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and applica… | |||
| CVE-2018-14045 | unknown | — | — | — | The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and applicati… | |||
| CVE-2018-2689 | unknown | — | — | — | Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vuln… | |||
| CVE-2018-20821 | unknown | — | — | — | The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | |||
| CVE-2018-1000030 | unknown | — | — | — | Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be … | |||
| CVE-2018-10115 | unknown | — | — | — | Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) … | |||
| CVE-2018-16846 | unknown | — | — | — | It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. | |||
| CVE-2018-20822 | unknown | — | — | — | LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | |||
| CVE-2018-8975 | unknown | — | — | — | The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through 10.81.03 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, as demonst… | |||
| CVE-2018-0489 | unknown | — | — | — | Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to… | |||
| CVE-2018-18088 | unknown | — | — | — | OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | |||
| CVE-2018-8945 | unknown | — | — | — | The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmen… | |||
| CVE-2018-20451 | unknown | — | — | — | The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. | |||
| CVE-2018-20431 | unknown | — | — | — | GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | |||
| CVE-2018-11749 | unknown | — | — | — | When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.… | |||
| CVE-2018-1106 | unknown | — | — | — | An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to … | |||
| CVE-2018-8764 | unknown | — | — | — | Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mecha… | |||
| CVE-2018-11729 | unknown | — | — | — | The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a cr… | |||
| CVE-2018-4700 | unknown | — | — | — | ||||
| CVE-2018-10184 | unknown | — | — | — | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only appl… | |||
| CVE-2018-14450 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp. | |||
| CVE-2018-14452 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunk… | |||
| CVE-2018-14453 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h. | |||
| CVE-2018-18192 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp. | |||
| CVE-2018-18193 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp. | |||
| CVE-2018-18196 | unknown | — | — | — | An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp. | |||
| CVE-2018-3849 | unknown | — | — | — | In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image t… | |||
| CVE-2018-1000069 | unknown | — | — | — | FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to r… | |||
| CVE-2018-19517 | unknown | — | — | — | An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf. | |||
| CVE-2018-10733 | unknown | — | — | — | There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2018-7333 | unknown | — | — | — | In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size. | |||
| CVE-2018-6330 | unknown | — | — | — | Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. | |||
| CVE-2018-11468 | unknown | — | — | — | The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by m… | |||
| CVE-2018-11504 | unknown | — | — | — | The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2htm… | |||
| CVE-2018-11503 | unknown | — | — | — | The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd… | |||
| CVE-2018-13112 | unknown | — | — | — | get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcp… | |||
| CVE-2018-17580 | unknown | — | — | — | A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Expo… | |||
| CVE-2018-20552 | unknown | — | — | — | Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tree in tree.c. |